[Servercert-wg] List of Websites Relying on TLS 1.0 / 1.1
Doug Beattie
doug.beattie at globalsign.com
Mon Aug 12 05:29:26 MST 2019
Hi Wayne,
It would be helpful if you included the Serial number of the certificate you
found. Do you think you could add that so we can track back to the specific
certificate request that is securing the site?
Doug
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Wayne
Thayer via Servercert-wg
Sent: Friday, August 9, 2019 2:52 PM
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] List of Websites Relying on TLS 1.0 / 1.1
Here is a current list of websites that don't support TLS 1.2 or higher:
https://docs.google.com/spreadsheets/d/1Sx94fDTTo9MhXXorQJXizk2J6rs-Vc65cptaQqMjGwQ/edit?usp=sharing
(also here in CSV format:
https://bugzilla.mozilla.org/attachment.cgi?id=9083874)
It includes the issuing CA and serial number, so should be easy for each CA to
filter.
Thank you to everyone who has or is planning to reach out to your customers
that are on the list.
- Wayne
On Mon, Jul 1, 2019 at 8:54 AM Wayne Thayer <wthayer at mozilla.com
<mailto:wthayer at mozilla.com> > wrote:
Last year, Mozilla [1], Google [2], Microsoft [3], and Apple [4] all announced
that our browsers will stop supporting TLS 1.0 and 1.1 in March 2020. During
the Mozilla browser update at the last two F2F meetings, I have asked CAs to
help get the word out to their customers about this change. CAs have direct
relationships with the organizations that operate affected websites, and this
provides a great opportunity for CAs to engage with their customers and help
to improve web security.
At the last meeting, I was asked if Mozilla could facilitate this outreach by
providing a list of websites that do not support TLS 1.2 or higher grouped by
the CA that issued the website's TLS certificate. This information - for
websites on the Tranco top 1 million list [5] - is located at:
https://docs.google.com/spreadsheets/d/1iSEEfc5AuYwT5elAEvkZdLSbwBeJ_SR-0El6s08zNs8/edit#gid=2044764669
Please be aware that this information was collected 1-2 months ago, so I
recommend that you confirm that the site is still on the following list of
affected site, which is updated weekly:
http://tlscanary-plot-8e95d89854d73f4d.elb.us-west-2.amazonaws.com/tlsdeprecation-carnage.txt
Please let me know if you have any questions, and thanks in advance for
everyone's help with this!
- Wayne
[1] https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
[2]
https://security.googleblog.com/2018/10/modernizing-transport-security.html
[3] https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
[4]
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
[5] https://tranco-list.eu/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190812/9ef1a53e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5701 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190812/9ef1a53e/attachment.p7s>
More information about the Servercert-wg
mailing list